Part 2: QoS

The QoS settings are tricky, and how to set them up varies widely from switch to switch. The GS108T is probably a little worse than most. It isn’t a Cisco 2800. It also doesn’t cost what a 2800 does. First, ignore the first section under QoS called “CoS”. For our purposes, it is useless. Skip it and go to the DiffServ section.

For review, the QoS settings we need are:

DHCP traffic should have 802.1p bit = 2

IGMP traffic should have 802.1p bit = 6

All other internet traffic 802.1p bit = 3

Technically, we only need the settings for “all other internet traffic” but to play nicely, make it less likely for Google to have a problem with our router, and completeness here, we’ll set it up as above.

The 108’s QoS is configured in three parts: class, policy, and service. They must be configured in this order, and unconfigured (if you choose to do so) in reverse order. The class sets up the matching rules, the policy modifies the packets to include the proper QoS bits, and the service applies the rules to a switch port.

Choose Advanced > DiffServ Configuration

Class Configuration

Add the three classes, but don’t configure them yet. Enter DHCP into the Class Name box, select All from the Class Type. (All is the only choice.) Click the Add button from the bottom right. Do the same for IGMP and Default.

Click on the class you created for DHCP. Enter the following settings, leave the rest blank.

VLAN = 2

Source L4 Port = Other 68

Destination L4 Port = Other 67

Click the apply button in the lower right.

Go back to the Class Configuration screen, and configure the IGMP class. Leave the other settings blank.

VLAN = 2

Protocol Type = IGMP (Ignore the box, it will fill itself)

Click the apply button in the lower right.

Go back to the Class Configuration screen, and configure the Default class. Leave the empty settings blank.

VLAN = 2

Click the apply button in the lower right.

Policy Configuration

Basically, the policy is where you’re going to tell the switch what to do with the packets that match the classes you set up. This is also one of the nasty places in the UI where it is easy to think you’re stuck.

Go to Policy Configuration. Please read the next couple of paragraphs carefully before continuing. The way you create the policies is a little confusing.

Enter a policy name of GF and select DHCP as the member class. Click the Add button in the lower right.

Now, to add the IGMP policy, check the box next to the row you just created for the DHCP policy, and select IGMP as the member class. Click the Apply button in the lower right. The reason it works this way is because you need to group all of your classes under one policy. The Add button will add a new policy, which is not what you want. You want to add a class to the policy you already created. Confusing until you understand what the UI is doing.

To add the Default policy, check the box next to the row you just created for the IGMP policy, select Default as the member class. Click the Apply button in the lower right. Your screen should look like so:

Note: If you need to remove a class from the policy, you have to do so from the bottom up. Make sure you re-add any in the way and order described above. Once you set a policy’s configuration (next section), you will have to delete the policy to change it. This means that if you need to change the policy for the DHCP class, you will have to remove both the Default and IGMP policies from the class first.

To set the policy for the DHCP class, click on GF on the first row where DHCP is the member class.

Select the Policy Attribute > Mark COS and set the value to 2. Make sure you mark the radio button for Mark COS.

Click the apply button in the lower right.

Go back to the Policy Configuration.

To set the policy for the IGMP class, click on GF on the second row where IGMP is the member class.

Select the Policy Attribute > Mark COS and set the value to 6. Make sure you mark the radio button for Mark COS.

Go back to the Policy Configuration.

To set the policy for the Default class, click on GF on the third row where Default is the member class.

Select the Policy Attribute > Mark COS and set the value to 3. Make sure you mark the radio button for Mark COS.

Click the apply button in the lower right.

Service Configuration

Almost there. Go to the Service Configuration.

Mark the box next to g2 and choose the policy GF.

Note: g2 is not a typo. This isn’t true of all switches, but here make sure to choose your router WAN port for the service configuration. The GS108T QoS only acts on packets coming into a switch port, not packets leaving a port. You need to mark the packets for QoS as they’re leaving the router coming into switch port 2, then outbound on switch port 1 to the OTN.

Click the apply button in the lower right.

Conclusion

That’s it. Go back and run your speed test and compare it with your baseline to make sure everything is working properly.

If you need to make adjustments to the QoS, you’re going to have to walk backwards through the configuration. That means first removing the policy in the Service Configuration.

Thanks for the writeup. I’ve got my GS108tV2 setup and ready to go for my install in about two weeks. Two questions though:

1) You setup classes and QoS policies for IPv4, but how about for IPv6? The configuration options that I show available for IPv6 aren’t the same though so it doesn’t appear I can just replicate the same classes and policies for v6 — might v6 speeds suffer because of this or do they manage their QoS in a different way that “just works?”

2) How about IGMP settings? Can the GS108tV2 do the needed IGMP to handle the Google Fiber TV side of things as well? Thank you!

As far as I’m aware, no work has been done with IPv6 at this point, though we’ve talked about it a little. The best place to ask is probably the GF product forums thread or the pfsense thread. I don’t know IPv6 well enough to quite understand what needs to be done yet, either in the switch or pfSense.

The switch seems to handle the IGMP traffic fine. My co-hackers haven’t noticed any problems with the multicast traffic. Unfortunately, I’ve had some weird issues where two specific channels disappear after some amount of time. It looks related to pfSense rather than the switch. I opened a thread on the pfSense forums a couple of months ago. I’ve run some packet traces, and discovered a possible clue – it appears that the two channels with the problem share an upstream 10.x.x.x IP address with channels adjacent to them (the two problem channels are not adjacent and do not have the same IP address). Whereas, other channels I’ve looked at seem to have a unique address.

Overall though I haven’t had a whole lot of time to really try to dig in and figure out why the multicast breaks – I’ve had to put the GF router back in to resolve it. One of the problem channels is the local NBC feed, and the family would like the TV to work, instead of me monkeying with it 🙂 I might take some time this weekend to mess with it some more.

Thank you so much for the helpful instructions. Just a question or two: I’m getting Internet access with upload and download speeds around 500 MB/s. I have the OTN plugged into port 1 and my Cisco Linksys E4200 plugged into port 2. All of my devices are plugged into the router ports and work great. However, if I plug any of them into ports 3-8 on the switch, they don’t work. I’ve checked the VLAN settings and ports 3-8 are all marked with a “U” as instructed. I’ve done a factory reset several times and reconfigured without success. Any suggestions?

I’m also unable to access the switch web UI unless I disconnect everything and plug the switch directly into my computer. I turned DHCP off on the switch and set the IP address, gateway, and subnet to match my network, but no success there either. Suggestions?

Note that there are two different screens in the switch that need to have the ports configured for their VLAN assignments. On the first screen mentioned in the guide VLAN Membership, you’ll need to be sure that you have “VLAN ID: 1” selected from the dropdown when you tag the ports, and make sure you didn’t accidentally mark them “U” on VLAN2.

The second screen, Port PVID Configuration should not require any changes for VLAN 1. However, you should make sure that ports 3 – 8 are assigned to PVID 1.

I have the GS108PEv2. It does not have granular QOS settings as the GS108Tv2 does. In it’s default configuration, I only got 10MBPS up. By configuring QoS Mode to “Port Based” (instead of 802.1p Based), and then changing the Priority on Ports 1 & 2 to “Normal Priority” (from the default of “Low Priority”, the upload speed went backup up to 900 plus.

If you send me an email, I can email back screen shots of the GS108PEv2 configuration settings.

I can’t speak for OP, but I did just get my google fiber installed in Olathe on Monday 12/28 and just today had time to figure out why I was only getting 10mbit/s upload with my own router. I’m using a Cisco router, and the configuration was pretty straight forward. Upstream interface needs a subinterface with dot1q encapsulation on vlan 2, then you need a couple class maps to match dhcp, IGMP, and a policy map to set the cos like in the original post here. Finally set that policy map as your output service policy on the subinterface and you’re good to go. Mine looks something like this:

Matt- Thank you. What platform/model router are you using? I am in Olathe, and I’ve been trying to get this working on my residential connection for some time now. I have the Fiber Jack landing on port1 of the 3750, the GFNB into port2, and my ASA on port3. This design allows the GFNB to stay in the mix, and bring up my firewall adjacent to it. The GFNB pulls an IP, and all TV and internet services behind it, work great. The ASA pulls an IP succussfully, although it is on a completely separate network than the public IP that is assigned to the GFNB. From the inside, I am able to ping, trace, and resolve DNS, but I am not able to browse.

I was going to eliminate the firewall for now, and test using only the 3750, but I have been unable to get the vlan 2 SVI on the 3750 to pull an IP. Debug shows the request and offer, but the IP never gets assigned. My config is below.

Well, I was and am impressed with the work done to get a 3rd party router on the GF network!!! Bravo!

I’m glad I found this as GSupport is NOT inclined to point you in ANY direction but shot down when asked bout settings for VLAN and QoS on ANY router. I had my warehouse mail me a spare GS 108Tv2, which I promptly, well not so much as I did that after following the Instructions on Part 1 and 2, upgraded to 5.4.2.13.

I followed the steps on both Part 1 ( have now 110M D/9.7M U) after those settings were completed. This is the same as when I had setup my Meraki Z1 DIRECTLY to the GF PON, which I can flag the WAN port to VLAN2, but, unfortunately, have NO QoS settings available.

Now, the Fun part is QoS as I have Chatted with a G Support ‘specialist’ who finally confirmed that the GF Upstream router IS receiving the correct QoS bits, 802.1p from me. I also setup Port Mirroring, though, I don’t see Internet traffic on the Netgear Port that is used as a “WAN” connection to the Meraki Z1 WAN port.

HOwever, Still at 100M/10M, basically…

Any suggestions, directions, or frustrations that any of y’all can share?!

In the Netgear, I blew out all of the above (in reverse order of course) and started with something simple… (1) Class and (1) Policy.
Class – AllGoogleTraffic – Setup to VLAN2.
Policy- GoogleFiberConnection – (Mark CoS) to 2.

Service Configuration – Apply Policy IN to G2 port.

Getting 100 Mbps up and 100 Mbps down…

I believe this MAY be an issue now with my Meraki Z1 router. I’ve put in a Support request with my IT Support on all things Crisco…

Just an FYI update.

Oh, and I setup Port 8 on the Netgear as a Trunk Port for VLAN1 as well as Port 1 on my Meraki set as a Trunk Port and connected them so that I can access the VLAN 1 from my Meraki Z1 Network. That works as well.

Thank you so much for sharing your work. I’ve purchased a TP-LINK 5-Port Gigabit Easy Smart Switch for $35 to give it a try and it works great, after I’ve configured VLan, Qos and enable IGMP snooping then ran a speedtest on my laptop gets 800’s download and 700’s upload. I’ll setup my own router tonight.

Anyone have success configuring a static IP for their so called business class.

I understand VLAN 2 WAN connection is recommended to be DHCP and COS p-bit 2, got that configured already. How would you go about configuring a static IP address so a host can be directly connected to the internet? This host I am planning on using is a voice gateway.

My netgear GS748t won’t let me name the DHCP, IGMP, and Default DiffServ Policy Configurations the same “GF” name under Policy Selector. It says they already exist even though I’m choosing DHCP, IGMP, and Default differently.

I’ve created GF_DHCP, GF_IGMP, and GF_DEFAULT. However, when I go to Service Configuration I can only choose one of these policies.

Sorry, I’m not familiar with the 748 interface so I can’t really tell you what might be going on there. I wrote the guide partly because the 108 UI was so confusing and hard to navigate with pitfalls of the general kind that you describe.

Thanks for the feedback. I assume you’re referring to the GF business product. There’s more information about that here[1]. Since I only have residential service, this post was really only written with residential connections and a single dynamic address in mind.

I’m really struggling with this, the lack of use full info from Google is maddening!

I’m trying to use a couple static IPs out of a 5IP block on Googles business offering. I’ve got a couple Polylcom video conf boxes that pretty much have to have their own public IP addresses.

First, I’m not quite sure, maybe things have changed?.. on the dynamically assigned address, getting gigabit speeds from a regular firewall (using Tomato on a RT-AC68u) isn’t a problem without the GS108 in front of it.

Anyway, I bought a GS108T, programmed it as described, it seems to work fine. I plug fiber into port 1, my firewall into 2, I still get the same address assigned dynamically.

When I programmed the GS108, I put ports 3-7 on VLAN 2, same as port 2. I was thinking/assuming that I could then set static addresses on my Polycom units and just plug in. Apparently I don’t know what I don’t know, that doesn’t work.

Does anyone know how to use the 5 static IPs Google provides? I’ve searched a lot and all I find are references to this (and Atlantisman’s work on pfSense), and google support docs that really don’t reveal anything useful. I’m in a pinch trying to set this up for a client, I’m at the point where I’d be willing to pay someone out of pocket for assistance.

If I sat down with it for a little while, I might be able to figure it out. Unfortunately though, I don’t have any direct experience with the GF business product. There’s a larger audience over at the GF product forums, and thus a better chance of finding someone who’s worked with GF business. Might try posing your question there.

You’re not the first person asking about this. In the mean time, I’m going to reach out to my contacts inside GF and see if I can get my hands on some materials to learn more to be able to help you guys with this.

I don’t seem to have any problem getting the full bandwidth with just a normal firewall configuration- the VLAN/other issues don’t seem to be there. I’m wondering if the business offering is just different from the residential one?

Still, there’s the mystery of accessing the 5 static IPs, but for “normal” use it doesn’t seem any special sauce is needed.

Ahh…. the forum. I found there was some real concern about Google dropping the Tennis channel, but little else of use (5-static-ips wise).

I’m playing with a Edgerouter right now, to see if I can get that to do the trick. (it happens I have one that I bought for myself to experiment/play/learn, just coincidence)

Ideally I end up with a box that google plugs into in one port, and that I have an actual network on another. I then park my firewall and polycoms there. Seems like such a simple thing 🙂 Whether that’s the GS108T, an edgerouter, whatever, just need it to work, and need to understand it well enough to do it again.

I really appreciate your reply and your help- there’s no telling how many people have benefited from the information you’ve posted. If I figure anything out I’ll post my findings back here. Thanks!!

Chris, if you want to send me an email at Lothsahn@, I might be able to help you out. I use yahoo for service. Hopefully you can make sense of that, but the spambots can’t… 🙂

I suspect the 5 addresses can be obtained by plugging a switch into the GF box and having each device on the outer network. Then you can put the rest of the devices behind the Tomato box. However, if you want everything behind the Tomato box, that can be achieved as well–Tomato is very powerful.

Like you said, no special sauce vlan stuff appears to be needed for business/community. I suspect this is because there’s no TV service. I think the vlan stuff is for QoS so the TV service isn’t impacted during heavy usage periods.

I’ve spent some time with Googles business-class support, which hasn’t been all that helpful… they generally won’t tell you (or seem to know) anything more than is on the web page. BUT, I’ve got some useful information out of it (although I still haven’t solved my issue)

First, the “residential” service runs over VLAN2, with some COS settings thrown in, as we already know… all documented nicely above 🙂

“Community” services, from what I understand, are the same, with VLAN3 thrown in for the static IP addresses. So you would configure much like above. Expanding on the configuration-
Port1 (connected to the fiberjack) setup with tagged VLAN2 and VLAN3 traffic
Port2 untagged VLAN2 (your Firewall plugged in on this port)
Port3-7 could be untagged VLAN3, and you’d plug in your static devices here
Port8 I’d leave it be, so you can connect to and manage the switch 🙂

Seems perfect! A port for every device and all tidy! This is what i tried setting up, BUT…..

“Business” services are different still- they’ve done away with the VLANs, you just plug your firewall in and it picks up it’s address via DHCP, that’s a “persistent” address that doesn’t change. If you’ve selected 1 static IP address, that’s all you need, it’s really no different than your typical connection other than the address being dynamic (but un-changing).

If you’re 5IPs, then still you setup your firewall and get a persistent address, and again that works fine, your LAN behind your firewall is typical. The 5 static addresses, though, live on the same interface. They’re telling me I just plug in my devices to the firewall (not to the switch- no switch required now), and it just magically works- or more to the point that’s the end of their script 🙂

All google has to say about it is: “Your router must support this secondary subnet on the LAN side as a secondary address or via VLAN.”

Maybe this is easy/simple, but I have no idea how to do it. One suggestion they had was a Layer2 switch and a static route, if I were using a switch. The GS108T doesn’t support that though. I’m thinking I handle this all at the firewall now- do I setup an additional LAN, and somehow route the traffic to the WAN interface?

I don’t know if anyone will have an answer to this, but I thought I’d post what I’d learned in case it’s helpful to someone ….

Thank you for this write-up; I was able to get 940+ Mbps in both directions without the Google Network Box using my underutilized HP ProCurve 1810g-24. It’s a shame Google doesn’t at least offer a document that states the underlying basics of requiring outgoing traffic tagged as VLAN 2 and specific priority.

Tyns, thanks for leaving your comment. Good to see someone getting this working fairly recently. I’ve been having issues with Google TV going black (box is still on, but service stops). Finally got a Google Tech who told me I need to deploy this solution.

I’ve studied these posts as well as those made on IT Nutt and I’m ready to give it a try. My Google Network box is the newer DVR + Network Box all in one. Is that what you have? I’m not sure I need the DVR, but sounds like you’d have to build your own with this solution if you want one if the Google box is removed entirely. Am I correct on that?

Thanks to the information here I got this working on a GS108tV2 / R7000 recently. However, wired connections through the R7000 only get around 300 down, 330 up.

Running the speed test built into the router shows 500 down, 430 up, and if I connect my laptop direct to port 2 on the switch and run that same speed test I get the full gigabit speeds, so it must be something to do with the R7000…

Still, I’m happy to be rid of the GFNB and have my network working properly again.